Agile Auditing Methodology

By Arif Zaman , Head of Internal Audit, Emaar Industries & Investments, UAE

Agile auditing focuses on flexibility, efficiency, user acceptability, and more transparency.

Agile audit term first coined in software development in 2001 and it has proven helpful methodology for applying in the rapidly changing market. If you are working in a fast-paced organization such as a tech-based company, then Agile auditing is the most useful methodology to follow.

Agile Auditing Methodology Steps:

Step 1 – Create audit backlog – The audit team creates a log (list) of tentative audits, prioritizes them based on risks in the list. These logs are dynamic and updated in terms of priority frequently (each quarter). Top logs are the most important ones. The audit team starts at the top and follows till the list completed based on timing and resource availability.

Step 2 – Breaking audit logs into stories – The audit engagement is broken down into small tasks called stories. Mostly 3 or 4 auditors work on the same audit engagement for the achievement of stories (task).

Step 3 – Stories achievement in sprints – Sprints are time-based intervals in which stories (audit tasks) are achieved. Generally, a sprint is not more than 2 weeks of interval. 

Step 4 – Stakeholder touchpoint – Unlike the traditional audit, the auditor does not wait to meet the stakeholders at the end of fieldwork but rather touch base with the stakeholder (scrum master and auditee) at the sprints (short interval) to demonstrate the results of each story (task). These touchpoints provide a medium to address the audit issues and agree on mitigation.

Step 5 – Scrum Master facilitates the audit process – The audit manager or team leader is known as Scrum Master whose role is to ensure the engagement achievements within time and budget, He touches base with the team during the sprints (short interval).

Step 6 – Reporting – To successfully apply Agile to internal auditing, forget about audit reports, the auditor should issue, track, and report individual observations/findings.

Agile auditing is not the death of traditional audit methodology, but an alternative option based on the company circumstances. Agile auditing best suited where the requirements of the project are not clear, projects could be prone to undesirable threats, or the team size is small.

In conclusion, the above methodology necessitates quarterly audit planning (audit log) rather than annual, breaking the audit engagement into small tasks (stories), have quick and short interactions (touchpoint) with the stakeholder at short intervals of not more than 2 weeks (sprints). Lastly, the audit results are communicated based on task completion rather than waiting till the end of audit engagements, which means a quick resolution of audit matters.

Arif Zaman